detach.cpp File Reference

.detach command More...

#include "pch.h"

Functions
VOID	CommandDetachHelp ()
	help of the .detach command
VOID	DetachFromProcess ()
	perform detach from process
VOID	CommandDetach (vector< string > SplitCommand, string Command)
	.detach command handler

Variables
ACTIVE_DEBUGGING_PROCESS	g_ActiveProcessDebuggingState
	State of active debugging thread.
BOOLEAN	g_IsSerialConnectedToRemoteDebuggee
	Shows if the debugger was connected to remote debuggee over (A remote guest)

Detailed Description

.detach command

Author

Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version

0.1

Date

2020-08-28

Copyright

This project is released under the GNU Public License v3.

Function Documentation

CommandDetach()

VOID CommandDetach	(	vector< string >	SplitCommand,
		string	Command )

.detach command handler

Parameters

SplitCommand
Command

Returns

VOID

{
    if (SplitCommand.size() >= 2)
    {
        ShowMessages("incorrect use of the '.detach'\n\n");
        CommandDetachHelp();
        return;
    }
 
    //
    // .attach and .detach commands are only supported in VMI Mode
    //
    if (g_IsSerialConnectedToRemoteDebuggee)
    {
        ShowMessages("err, '.attach', and '.detach' commands are only usable "
                     "in VMI Mode, you can use the '.process', or the '.thread' "
                     "in Debugger Mode\n");
        return;
    }
 
    //
    // Perform detach from the process
    //
    DetachFromProcess();
}

CommandDetachHelp()

VOID CommandDetachHelp

(

)

help of the .detach command

Returns

VOID

{
    ShowMessages(".detach : detaches from debugging a user-mode process.\n\n");
 
    ShowMessages("syntax : \t.detach \n");
}

DetachFromProcess()

VOID DetachFromProcess

(

)

perform detach from process

Returns

VOID

{
    DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS DetachRequest = {0};
 
    //
    // Check if debugger is loaded or not
    //
    AssertShowMessageReturnStmt(g_DeviceHandle, ASSERT_MESSAGE_DRIVER_NOT_LOADED, AssertReturn);
 
    //
    // Check if we attached to a process or not
    //
    if (!g_ActiveProcessDebuggingState.IsActive)
    {
        ShowMessages("you're not attached to any thread\n");
        return;
    }
 
    //
    // Perform the detaching of the target process
    //
    UdDetachProcess(g_ActiveProcessDebuggingState.ProcessId, g_ActiveProcessDebuggingState.ProcessDebuggingToken);
}

Variable Documentation

g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState

extern

State of active debugging thread.

{0};

g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee

extern

Shows if the debugger was connected to remote debuggee over (A remote guest)